Install chkrootkit on Raspberry Pi

A rootkit is a type of malware that is used to enable unauthorized access to a system. The chkrootkit is a command line tool that scans system in order to detect the rootkits.

This tutorial shows how to install chkrootkit on Raspberry Pi.

Connect to Raspberry Pi via SSH. Execute the following commands to update the package lists and install chkrootkit:

sudo apt update
sudo apt install -y chkrootkit

After the installation is finished, we can check chkrootkit version.

chkrootkit -V

Now run the chkrootkit command without any arguments as root user to scan the system for rootkits:

sudo chkrootkit

Format of the output will be similar to this:

ROOTDIR is `/'
Checking `amd'...                                           not found
Checking `basename'...                                      not infected
Checking `biff'...                                          not found
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
...........

The output is quite long. So if you want to get only warnings and results with “INFECTED” status, use -q option:

sudo chkrootkit -q

We can also filter the output to find results with “INFECTED” status by using grep command:

sudo chkrootkit | grep INFECTED

If you want to completely remove the chkrootkit, run the following command:

sudo apt purge --autoremove -y chkrootkit

Leave a Comment

Your email address will not be published. Required fields are marked *